PicoCTF Writeup – extensions
# Information:
CTF Name: PicoCTF
CTF Challenge: extensions
Challenge Category: Forensics
Challenge Points: 150
PicoCTF 2019.
# Challenge Description:
This is a really weird text file TXT? Can you find the flag?
The string “TXT” has a link to download a file.
Relevant hint: How do operating systems know what kind of file it is? (It’s not just the ending!
# Writeup
Another funny picoCTF challenge for us! This one is regarding how operating systems know the extensions of a certain file. They do so by using the magic numbers of a particular file, also known as file signatures. We can find a list of magic numbers for several file extensions in Wikipedia.
After learning about this I decided to start the exercise. I did so by downloading the file into my Kali Linux virtual machine. The downloaded file had the name “flag.txt“. I decided to open it using the text editor vim, this was the output:
This is a very weird set of characters. Looking closely we can see that on the top corner of the image above, which is the beginning of the file output, we have the initials PNG. By knowing that the extension of files is represented by the magic numbers (or file signatures) and also that these numbers are the first numbers in the hexadecimal representation of the file I thought that maybe, the magic numbers of this file “flag.txt” are indeed the magic numbers of a PNG file.
To test my theory I changed the extension of the file from .txt to .png.
To change the extension I simply renamed the file. To do so I right-clicked on the file, and chose the option rename, as presented in the image below:
This was the resulting image:
And the flag is:
Show flag
picoCTF{now_you_know_about_extensions}
The image source can be found here.
Thank you very much for reading!
Cheers,
MRegra
Author Profile
I every time spent my half an hour to read this web site’s articles every day along with a
cup of coffee.